Sinowal.WVM

It reaches the computer via Facebook in a message that seems to have been sent by a friend and that contains the link to a photo. Besides stealing the users' login data to Facebook, it also designed to steal other type of confidential information from the computer and the user.

Affected platforms:

Windows 2003/XP/2000/NT/ME/98/95

First detected on:

Feb. 8, 2010

Detection updated on:

Feb. 22, 2010

Statistics

No

Brief Description

Sinowal.WVM is a Trojan which is distributed via Facebook in messages that contain a link to see a photo.

If users follow the link, they will be redirected to different websites. In one of them, they will be required to login to Facebook again, and then they will be redirected to another website from which the Trojan will be downloaded disguised as an update of Adobe Flash Player.

Once installed, Sinowal.WVM is designed to steal confidential information about the computer and the user. Additionally, it had previously obtained the login data to Facebook.

Visible Symptoms

Sinowal.WVM is easy to recognize, as it is distributed via Facebook in a message like the following, which seems to have sent by a friend and which contains a link to see a photo: